Last fall in the wake of the Sept. 11 attacks, we asked experts what CIOs should do in critical areas. We recently contacted them to see how their views have changed.JOHN MCCARTHY, executive director of the critical infrastructure protection project, George Mason University Law School, Arlington, Va.

Last year, McCarthy said that after 9/11 corporate leaders needed to think about people as well as computer systems when planning for disaster recovery.

Now, McCarthy says the people side of risk management is more important now than it was last year, but since Sept. 11 most companies have still focused on using technology in preparing response to physical threats or cyberattacks. "Yet very few people in either the government or the private sector are discussing security for that technology," he says. "And that makes your organization and your people more vulnerable." CIOs, he says, must act as a champion for security when leaders discuss risk management. "They are the lead technology change agent and the first line of defense," he says.

Last year, Badaracco stressed that managers needed to get back to work but also keep lines of communication open. "Managers have got to find a way to give people space and let them work through this."

Now, Badaracco says organizations have returned to an uneasy normality, and managers are once again dealing with basic business issues. "People can't forget, but routines and day-by-day stuff are taking up most of people's minds now. But I don't think it would take much to disturb this uneasy normality. If something else happens, organizations and managers will have to react to the renewed feelings from the original event."

DAVID DOBRIN, president, B2B Analysts Inc., Cambridge, Mass.

Last year, Dobrin said global business would need to depend on IT more than in the past. "CIOs need to provide the business with the capability to be more responsive, to get advanced warnings from customers, to look at point-of-sale data from retailers and feed that back to manufacturing," he said. He also predicted that business travel would grind to a near halt. "The cost of business travel will now be spent on IT," he said.

Now, Dobrin says he is surprised by how quickly business travel came back. "Yes, videoconferencing did get a boost but not a terribly big one," he says. But even more important is a subtle shift in attitudes since 9/11 that has affected IT projects.

"In IT, you see this every day in people's real reluctance to take risks on projects," Dobrin adds. "With big IT projects, of course, there's been plenty of evidence that bad things can and do happen. But in the past, this evidence has been ignored, or CIOs have said, I'm a good project manager, so it won't happen to me.

"The pendulum has swung away from absurd overconfidence. But the shame of it is that even good projects are being shelved."

DAVID FOOTE, president, Foote Partners LLC, New Canaan, Conn.

Last year, Foote said that IT leaders needed to help workers through the 9/11 aftermath by keeping communication channels open. "The companies with strong leaders are the ones that were talking with employees and customers right away," he said.

Now, Foote says that sadly, that hasn't happened to any great extent. "For every contented employee there are four others who are bitter, demoralized, confused or stressed out from the increased workload following layoffs that they aren't sure how they feel."

When a company is in rough shape, CIOs need to lead, Foote says. "Nobody believes conditions will be getting better anytime soon, given the ongoing economic recession, accounting scandals and anticipation of future terrorist attacks. But this is the hand that CIOs have been dealt. They need to try much harder, raise the level of their game. If they lack experience or are unsure of what to do -- and many are -- they should talk to people who do know, seek out information, and practice what they learn."

Last year, when we asked Schneier if 9/11 had changed anything, he called America a bright-shiny-object sort of culture. "If the bright shiny object changes next month, we'll talk about that," Schneier said. "Right now, security is important. But will anything change? Who knows?"

Now, Schneier says we've moved on to the next object -- business scandals. "I wish I could say that everyone has made serious changes in their security," he says. "They haven't. Everyone said, Yes we want to make these changes, but when push came to shove we had to get our product out the door. We had to stay in business. I wish I could tell you different."

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.